US20100235917A1 - System and method for detecting server vulnerability - Google Patents

System and method for detecting server vulnerability Download PDF

Info

Publication number
US20100235917A1
US20100235917A1 US12/471,021 US47102109A US2010235917A1 US 20100235917 A1 US20100235917 A1 US 20100235917A1 US 47102109 A US47102109 A US 47102109A US 2010235917 A1 US2010235917 A1 US 2010235917A1
Authority
US
United States
Prior art keywords
service server
vulnerability
server
service
detecting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/471,021
Other languages
English (en)
Inventor
Young Bae Ku
Eui Won Park
Chang Sup Ko
Seung Wan Lee
Dong Hyun Kim
Ho Jin Jung
Sung Hoon Jin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gmarket Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Assigned to GMARKET INC. reassignment GMARKET INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KU, YOUNG BAE, JIN, SUNG HOON, JUNG, HO JIN, KIM, DONG HYUN, KO, CHANG SUP, LEE, SEUNG WAN, PARK, EUI WON
Publication of US20100235917A1 publication Critical patent/US20100235917A1/en
Assigned to EBAY KOREA CO., LTD. reassignment EBAY KOREA CO., LTD. CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: GMARKET INC.
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Definitions

  • the present invention relates to a system and method for detecting vulnerability of a server providing a service.
  • hackers are able to intrude into vulnerable servers, upload malicious programs or files that they have created, and execute the uploaded programs or files at remote sites, thereby taking important information or modifying web sites. In this way, hackers can cause fatal damage to service providers. Further, these attacks are becoming a serious problem because they may damage not only the vulnerable server but also other servers in the same network.
  • the present invention is directed to a system and method for detecting vulnerability of a server, involving identifying a server that may be attacked by port scanning, receiving response information with respect to at least one predetermined command from the identified server, detecting and analyzing vulnerability of the server based on the response information, and thereby enabling efficient management of the vulnerability of the server.
  • the present invention is also directed to a system and method for detecting vulnerability of a server, involving identifying a server that may be attacked by port scanning, receiving response information with respect to at least one predetermined command from the identified server, detecting vulnerability of the server based on the response information, reporting the result of the detection to an administrator terminal, and thereby enabling prevention of damage to the server.
  • a system for detecting vulnerability of a server including: a check server for collecting response information with respect to at least one predetermined command from one or more service servers that provide service and thus may be attacked from outside, and detecting and analyzing vulnerabilities of the service servers based on the collected response information; an administration terminal for displaying the result of detecting and analyzing the vulnerabilities of the service servers; and a database for storing and managing pattern information concerning the vulnerabilities of the service servers.
  • the check server may perform port scanning on service servers, identify the service servers that may be attacked from outside according to the result of the port scanning, transmit the at least one predetermined command to the identified service servers, collect the response information with respect to the transmitted command, and detect and analyze the vulnerabilities of the service servers based on the collected response information.
  • the check server may identify service servers whose at least one port is open as the service servers that may be attacked from outside according to the result of the port scanning.
  • the check server compares the response information with respect to the at least one predetermined command collected from the service servers with pattern information stored in the database, and detects and analyzes the vulnerabilities of the service servers according to the result of the comparison.
  • the command may be a command requesting access authorization to the service servers, a command requesting access to the service servers, or a command requesting a specific response, among other possibilities.
  • a system for detecting vulnerability of a server including: a scanner for identifying at least one service server that provides service and thus may be attacked from outside; a collector for collecting response information received in response to one or more predetermined commands from the identified service servers; and an analyzer for detecting and analyzing vulnerability of the service servers based on the collected response information.
  • the scanner performs port scanning on service servers providing service to identify a service server whose at least one port is open.
  • the collector sequentially transmits the predetermined commands to the identified service server and collects the corresponding response information.
  • the analyzer compares the response information collected from the service server with pattern information stored in a database, and detects and analyzes the vulnerability of the service server according to the result of the comparison.
  • the analyzer stores the result of detecting and analyzing the vulnerability of the service server in the database, provides the result to an administration terminal such that an administrator can check the result, or transmits a notification message to the administrator.
  • a method of detecting vulnerability of a server including: storing and managing, at a check server, pattern information concerning vulnerabilities of one or more service servers; collecting, at the check server, response information received from at least one service server in response to at least one predetermined command; detecting and analyzing vulnerability of the service servers based on the collected response information; and displaying, at an administration terminal, the result of detecting and analyzing the vulnerability of the service servers.
  • the detecting and analyzing of the vulnerability of the service servers includes: performing port scanning on the service servers to identify a service server that may be attacked from outside; transmitting a predetermined command to the identified service server; collecting response information received in response to the transmitted command; and detecting and analyzing the vulnerability of the service server based on the collected response information.
  • the identifying of the service server includes identifying a service server whose at least one port is open.
  • the detecting and analyzing of the vulnerability of the service server further includes comparing the response information with respect to the predetermined command collected from the service server with the pattern information stored in the database, and detecting and analyzing the vulnerability of the service server according to the result of the comparison.
  • the command may be a command requesting access authorization to the service server, a command requesting access to the service server, or a command requesting a specific response, among other possibilities.
  • a method of detecting vulnerability of a server including: identifying at least one service server that provides service and thus may be attacked from outside; collecting response information received in response to one or more predetermined commands from the identified service server; and detecting and analyzing vulnerability of the service server based on the collected response information.
  • the identifying of the service server may include: performing port scanning on service servers providing service; and identifying a service server who's at least one port is open as the service server that may be attacked from outside according to the result of the port scanning.
  • the collecting of the response information includes sequentially transmitting the predetermined commands to the identified service server that may be attacked from outside, and collecting the response information received in response to the transmitted commands.
  • the detecting and analyzing of the vulnerability of the service server includes comparing the response information received from the service server in response to the predetermined commands with pattern information stored in a database and detecting and analyzing the vulnerability of the service server according to the result of the comparison.
  • the method further includes storing the result of detecting and analyzing the vulnerability of the service server in the database, providing the result to an administration terminal such that an administrator can check the result, or transmitting a notification message to the administrator.
  • FIG. 1 schematically illustrates a system according to an exemplary embodiment of the present invention
  • FIG. 2 is a block diagram of a check server such as the check server shown in FIG. 1 according to exemplary embodiment of the present invention
  • FIG. 3 is a flowchart illustrating a method of detecting vulnerability of a server according to an exemplary embodiment of the present invention.
  • FIG. 4 illustrates an example of a screen for displaying a check result according to an exemplary embodiment of the present invention.
  • the present invention provides systems and methods capable of detecting and analyzing vulnerability of a service server providing service.
  • Exemplary embodiments of the present invention involve identifying a server that may be attacked by port scanning, receiving response information with respect to at least one predetermined command from the identified server, detecting and analyzing vulnerability of the server based on the response information, and reporting the result of the detection to an administration terminal.
  • program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
  • program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
  • program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
  • the invention may be practiced with a variety of computer-system configurations, including multiprocessor systems, microprocessor-based or programmable-consumer electronics, minicomputers, mainframe computers, and the like. Any number of computer-systems and computer networks are acceptable for use with the present invention.
  • embodiments of the present invention may be embodied as, among other things: a method, system, or computer-program product. Accordingly, the embodiments may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. In one embodiment, the present invention takes the form of a computer-program product that includes computer-useable instructions embodied on one or more computer-readable media.
  • the invention may be practiced in distributed-computing environments where tasks are performed by remote-processing devices that are linked through a communications network.
  • program modules may be located in both local and remote computer-storage media including memory storage devices.
  • the computer-useable instructions form an interface to allow a computer to react according to a source of input.
  • the instructions cooperate with other code segments to initiate a variety of tasks in response to data received in conjunction with the source of the received data.
  • the present invention may be practiced in a network environment such as a communications network.
  • a network environment such as a communications network.
  • Such networks are widely used to connect various types of network elements, such as routers, servers, gateways, and so forth.
  • the invention may be practiced in a multi-network environment having various, connected public and/or private networks.
  • Communication between network elements may be wireless or wireline (wired).
  • communication networks may take several different forms and may use several different communication protocols. And the present invention is not limited by the forms and communication protocols described herein.
  • FIG. 1 schematically illustrates a system according to an exemplary embodiment of the present invention.
  • the system for detecting vulnerability of a server illustrated in FIG. 1 includes user terminals 110 , service servers 120 , a check server 130 , a database (DB) 131 , and an administrator terminal 140 .
  • the service servers 120 provide various types of service through the Internet, and may include, for example, a web server, a content server, an image server, a file transfer protocol (FTP) server, and a DB server, among other possible services.
  • a web server may include, for example, a web server, a content server, an image server, a file transfer protocol (FTP) server, and a DB server, among other possible services.
  • FTP file transfer protocol
  • the check server 130 interoperates with the one or more service servers 120 , periodically detect and analyze vulnerabilities of the interoperating service servers 120 , and report the result to an administrator.
  • the check server 130 performs port scanning on the interoperating service servers 120 , to identify a service server whose at least one port is open as a service server that may be attacked from outside.
  • the check server 130 then collects response information received from the identified service server in response to at least one predetermined command and detects and analyzes the vulnerability of the service server based on the collected response information.
  • Port scanning is generally known in the art as a reconnaissance procedure for hacking, and denotes a technique of finding out which port is open or closed in a server having a specific Internet protocol (IP) address or domain name.
  • IP Internet protocol
  • the check server 130 stores the result of the detection and analysis in the DB 131 , and also reports it to the administrator by transmitting, for example, an e-mail or a short message service (SMS) message to the administrator terminal 140 managed by the administrator.
  • SMS short message service
  • Other communication methods known in the art may also be used to transmit the report.
  • the administrator terminal 140 displays the result of detecting and analyzing the vulnerability of the server to enable the administrator to check it such that the administrator can correct the vulnerability of the service server based on the result of the detection and analysis. Also, the administrator can continuously check whether or not the vulnerability of the service server is corrected based on the detection and analysis result stored in the DB 131 , and thus can thoroughly manage the security of the server.
  • an exemplary embodiment of the present invention identifies a server that can be attacked by port scanning, receives response information with respect to at least one predetermined command from the identified server, and detects and analyzes vulnerability of the server based on the response information, thereby enabling efficient management of the vulnerability of the server.
  • FIG. 2 is a block diagram of a check server such as the check server 130 shown in FIG. 1 according to an exemplary embodiment of the present invention.
  • the check server illustrated in FIG. 2 includes a first interface 210 , a scanner 220 , a collector 230 , an analyzer 240 , a notifier 250 , a second interface 260 , and a third interface 270 .
  • the check sever 130 interoperates with at least one service server through the first interface 210 , with an administrator terminal through the second interface 260 , and with a DB through the third interface 270 . In this way, the check server 130 may detect and analyze vulnerability of a service server, as described in detail below.
  • the scanner 220 identifies an accessible path.
  • the scanner 220 may perform port scanning on all interoperating service servers to identify a service server that may be attacked from outside based on the result of the port scanning.
  • the collector 230 sequentially transmits one or more predetermined commands to the identified service server and collects response information with respect to the transmitted commands.
  • the analyzer 240 detects and analyzes the vulnerability of the service sever based on the collected response information.
  • the analyzer 240 compares the collected response information with pattern information stored in the DB, and detects and analyzes the vulnerability of the service server according to the result of the comparison.
  • the pattern information may include information concerning vulnerabilities corresponding to service servers to be checked, and may be stored and managed in the DB.
  • the analyzer 240 stores the result of detecting and analyzing the vulnerability of the service server in the DB or provides the result to the administrator terminal, thereby enabling an administrator to properly cope with the result.
  • the analyzer 240 requests the notifier 250 to transmit the result of detecting and analyzing the vulnerability of the service server to the administrator, the notifier 250 transmits the result to the administrator using e-mail, SMS, or another communication method known in the art.
  • an exemplary embodiment of the present invention identifies a server that can be attacked by port scanning, receives response information with respect to at least one predetermined command from the identified server, detects vulnerability of the server based on the response information, and reports the result of the detection to an administrator terminal, thereby enabling prevention of damage to the server.
  • FIG. 3 is a flowchart illustrating a method of detecting vulnerability of a server according to an exemplary embodiment of the present invention.
  • a check server such as the check server shown in FIG. 2 may identify a service server having an accessible path.
  • the check server may perform port scanning on all interoperating service servers and identify a service server that may be attacked from outside based on the result of the port scanning (S 310 ).
  • the check server first checks whether or not a specific service server is normally operating in connection with the Internet.
  • the check server uses a ping command to check whether or not the service server is normally operating in connection with the Internet based on the response.
  • a server that does not technically allow the ping command can be checked by port scanning.
  • the check server determines that the service server is operating in connection with the Internet using the ping command, the check server checks whether at least one of all ports, e.g., ports numbered 0 to 65535, of the service server is open using socket communication.
  • the check server may collect state information of the service server (S 320 ).
  • the check server transmits at least one command, for example, a command requesting access authorization, a command requesting access, or a command requesting a specific response to the service server, and collects response information with respect to the command.
  • a command requesting access authorization for example, a command requesting access authorization, a command requesting access, or a command requesting a specific response to the service server
  • response information for example, access authorization to the web server can be requested in a command window, and response information may be collected.
  • the check server may collect response information indicating whether it is possible to delete or modify information in the web server.
  • response information can be collected by requesting access authorization to an FTP server in the command window.
  • the check server may check 1) whether the FTP server can be accessed from an anonymous account which can be used by any users, or 2) whether the FTP server can be accessed from an administrator account using a password, such as “root,” “admin,” or “administrator,” which can be easily guessed.
  • the check server may collect response information indicating whether it is possible to access the service server, that is, the FTP server.
  • response information can be collected by requesting access to a DB server in the command window.
  • the check server collects response information indicating whether it is possible to access the service server, that is, the DB server, or receive error information or requested information.
  • the error information may be determined to indicate that the DB server is accessed, but an error regarding the command has occurred.
  • the check server may detect and analyze vulnerability of the service server based on the collected response information (S 330 ).
  • the check server compares the collected response information with pattern information stored in a DB, and detects vulnerability of the service server according to the result of the comparison.
  • the check server provides the vulnerability of the service server to an administrator terminal (S 340 ) such that an administrator can check correct the vulnerability of the service server. Details displayed on the administrator terminal in one embodiment of the present invention will now be described with reference to FIG. 4 .
  • FIG. 4 illustrates an example of a screen for displaying a check result according to an exemplary embodiment of the present invention.
  • an administrator terminal displays information on the vulnerability of a service server received from a check server.
  • access authorization to the web server including for example, writing and deleting authorization, is displayed.
  • the administrator can see information concerning the service server having vulnerability and details on the vulnerability.
  • an exemplary embodiment of the present invention does not involve either detecting or analyzing vulnerability of a service server after accessing the service server. Rather, an exemplary embodiment of the present invention can readily detect and analyze vulnerability of a service server based on response information with respect to at least one predetermined command regardless of whether the service server is accessed or not.
  • the above-described method can be implemented as computer-readable code in a computer-readable recording medium.
  • the computer-readable recording medium is any recording medium for storing data that can be read by a computer system. Examples of the computer-readable recording medium include a read-only memory (ROM), a random access memory (RAM), a compact disk-read only memory (CD-ROM), a magnetic tape, a floppy disk, and optical data storage.
  • the medium may be implemented in the form of carrier waves (e.g., Internet transmission).
  • the computer-readable recording medium may be distributed to computer systems connected via a network, and the computer-readable code may be stored and executed by a de-centralized method.
  • Computer-readable media include both volatile and nonvolatile media, removable and nonremovable media, and contemplate media readable by a database, a switch, and various other network devices.
  • computer-readable media comprise media implemented in any method or technology for storing information. Examples of stored information include computer-useable instructions, data structures, program modules, and other data representations.
  • Media examples include, but are not limited to, information-delivery media, RAM ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD), holographic media or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage, and other magnetic storage devices. These technologies can store data momentarily, temporarily, or permanently.
  • Embodiments of the invention are not limited to the configurations and methods of the exemplary embodiments described above, and all or some of the exemplary embodiments may be selectively combined to yield variants. Many different arrangements of the various components depicted, as well as components not shown, are possible without departing from the spirit and scope of the present invention. Embodiments of the present invention have been described with the intent to be illustrative rather than restrictive. A skilled artisan may develop alternative means of implementing the aforementioned improvements without departing from the scope of the present invention. It will be understood that certain features and subcombinations are of utility and may be employed without reference to other features and subcombinations and are contemplated within the scope of the claims. Not all steps listed in the various figures need be carried out in the specific order described.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)
US12/471,021 2008-05-22 2009-05-22 System and method for detecting server vulnerability Abandoned US20100235917A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2008-0047552 2008-05-22
KR1020080047552A KR20090121579A (ko) 2008-05-22 2008-05-22 서버의 취약점을 점검하기 위한 시스템 및 그 방법

Publications (1)

Publication Number Publication Date
US20100235917A1 true US20100235917A1 (en) 2010-09-16

Family

ID=41372325

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/471,021 Abandoned US20100235917A1 (en) 2008-05-22 2009-05-22 System and method for detecting server vulnerability

Country Status (5)

Country Link
US (1) US20100235917A1 (zh)
JP (1) JP2009282983A (zh)
KR (1) KR20090121579A (zh)
CN (2) CN101588247B (zh)
SG (2) SG176513A1 (zh)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110231936A1 (en) * 2010-03-19 2011-09-22 Aspect Security Inc. Detection of vulnerabilities in computer systems
US8898289B1 (en) * 2011-03-22 2014-11-25 Netapp, Inc. Distributed event processing method and architecture
GB2515778A (en) * 2013-07-03 2015-01-07 Ibm Measuring robustness of web services to denial of service attacks
US9135441B2 (en) 2013-05-17 2015-09-15 International Business Machines Corporation Progressive static security analysis
US9268945B2 (en) 2010-03-19 2016-02-23 Contrast Security, Llc Detection of vulnerabilities in computer systems
US10528725B2 (en) 2016-11-04 2020-01-07 Microsoft Technology Licensing, Llc IoT security service
US10567396B2 (en) * 2015-12-15 2020-02-18 Webroot Inc. Real-time scanning of IP addresses
CN110971599A (zh) * 2019-11-29 2020-04-07 杭州迪普科技股份有限公司 漏洞扫描方法和装置
CN112165498A (zh) * 2020-11-12 2021-01-01 北京华云安信息技术有限公司 一种渗透测试的智能决策方法
US10972456B2 (en) 2016-11-04 2021-04-06 Microsoft Technology Licensing, Llc IoT device authentication
CN112968887A (zh) * 2021-02-02 2021-06-15 中国农业银行股份有限公司 数据处理方法、数据处理装置及相关设备
US20210234878A1 (en) * 2020-01-26 2021-07-29 Check Point Software Technologies Ltd. Method and system to determine device vulnerabilities by scanner analysis
US11290480B2 (en) 2020-05-26 2022-03-29 Bank Of America Corporation Network vulnerability assessment tool

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6036464B2 (ja) * 2013-03-26 2016-11-30 富士通株式会社 プログラム、診断方法及び診断システム
CN104426850A (zh) * 2013-08-23 2015-03-18 南京理工大学常熟研究院有限公司 基于插件的漏洞检测方法
CN103532760B (zh) * 2013-10-18 2018-11-09 北京奇安信科技有限公司 用于分析在各主机上执行的命令的分析设备、系统和方法
CN105306414A (zh) * 2014-06-13 2016-02-03 腾讯科技(深圳)有限公司 端口漏洞的检测方法、装置及系统
CN104506522B (zh) 2014-12-19 2017-12-26 北京神州绿盟信息安全科技股份有限公司 漏洞扫描方法及装置
CN106033512A (zh) * 2015-03-20 2016-10-19 中兴通讯股份有限公司 一种安全漏洞加固方法及系统
CN105528546B (zh) * 2015-12-25 2018-09-25 北京金山安全软件有限公司 一种挖掘漏洞的方法、装置及电子设备
CN107122665B (zh) * 2016-02-25 2019-08-13 腾讯科技(深圳)有限公司 漏洞检测方法以及漏洞检测装置
CN106921680B (zh) * 2017-05-05 2018-07-06 腾讯科技(深圳)有限公司 一种端口扫描方法及装置
KR102045558B1 (ko) * 2018-02-07 2019-11-15 사단법인 금융보안원 취약점 점검 항목 및 점검 대상 속성 기반 취약점 점검 자동화 서비스 제공 시스템, 방법 및 이를 기록한 기록매체
CN110311912B (zh) * 2019-07-01 2022-06-21 深信服科技股份有限公司 云端服务器、内网扫描客户端、系统、内网远程扫描方法、装置及存储介质
CN111382446A (zh) * 2020-03-15 2020-07-07 黎明职业大学 一种计算机软件常见漏洞的探测方法
KR102439984B1 (ko) * 2020-07-20 2022-09-02 김동진 웹 사이트 정보제공시스템

Citations (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US6301668B1 (en) * 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US20010034847A1 (en) * 2000-03-27 2001-10-25 Gaul,Jr. Stephen E. Internet/network security method and system for checking security of a client from a remote facility
US20020010855A1 (en) * 2000-03-03 2002-01-24 Eran Reshef System for determining web application vulnerabilities
US6378129B1 (en) * 1998-03-30 2002-04-23 International Business Machines Corporation Video server content synchronization
US20030056116A1 (en) * 2001-05-18 2003-03-20 Bunker Nelson Waldo Reporter
US6574737B1 (en) * 1998-12-23 2003-06-03 Symantec Corporation System for penetrating computer or computer network
US20030149935A1 (en) * 2002-01-18 2003-08-07 Hiroshi Takizawa Document authoring system and authoring management program
US20030212779A1 (en) * 2002-04-30 2003-11-13 Boyter Brian A. System and Method for Network Security Scanning
US20030217039A1 (en) * 2002-01-15 2003-11-20 Kurtz George R. System and method for network vulnerability detection and reporting
US20040019853A1 (en) * 2002-01-18 2004-01-29 Hiroshi Takizawa Document authoring system and authoring management program
US20040064550A1 (en) * 2000-12-28 2004-04-01 Tsuyoshi Sakata Data processing system
US20040193918A1 (en) * 2003-03-28 2004-09-30 Kenneth Green Apparatus and method for network vulnerability detection and compliance assessment
US20040216009A1 (en) * 2003-03-24 2004-10-28 Shimadzu Corporation Automatic analysis apparatus and method for controlling an analysis unit
US20040225877A1 (en) * 2003-05-09 2004-11-11 Zezhen Huang Method and system for protecting computer system from malicious software operation
US20040228357A1 (en) * 2003-05-16 2004-11-18 Canon Kabushiki Kaisha Receiver, connection controller, transmitter, method, and program
US20040230830A1 (en) * 2003-05-16 2004-11-18 Canon Kabushiki Kaisha Receiver, connection controller, transmitter, method, and program
US20050005169A1 (en) * 2003-04-11 2005-01-06 Samir Gurunath Kelekar System for real-time network-based vulnerability assessment of a host/device via real-time tracking, vulnerability assessment of services and a method thereof
US20050008001A1 (en) * 2003-02-14 2005-01-13 John Leslie Williams System and method for interfacing with heterogeneous network data gathering tools
US20060075464A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization API
US20060080656A1 (en) * 2004-10-12 2006-04-13 Microsoft Corporation Methods and instructions for patch management
US20060101520A1 (en) * 2004-11-05 2006-05-11 Schumaker Troy T Method to manage network security over a distributed network
US20060191010A1 (en) * 2005-02-18 2006-08-24 Pace University System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
US20060195588A1 (en) * 2005-01-25 2006-08-31 Whitehat Security, Inc. System for detecting vulnerabilities in web applications using client-side application interfaces
US20060253906A1 (en) * 2004-12-06 2006-11-09 Rubin Shai A Systems and methods for testing and evaluating an intrusion detection system
US20070118908A1 (en) * 2005-11-22 2007-05-24 Brown Tristan A Snoop echo response extractor
US20070124801A1 (en) * 2005-11-28 2007-05-31 Threatmetrix Pty Ltd Method and System for Tracking Machines on a Network Using Fuzzy Guid Technology
KR20070104113A (ko) * 2006-04-21 2007-10-25 엘지이노텍 주식회사 냉각팬 모듈
US7313823B2 (en) * 2000-09-29 2007-12-25 Zhenyu Gao Anti-alternation system for web-content
US20080010683A1 (en) * 2006-07-10 2008-01-10 Baddour Victor L System and method for analyzing web content
US7322044B2 (en) * 2002-06-03 2008-01-22 Airdefense, Inc. Systems and methods for automated network policy exception detection and correction
US20080133540A1 (en) * 2006-12-01 2008-06-05 Websense, Inc. System and method of analyzing web addresses
US20080263671A1 (en) * 2007-03-06 2008-10-23 Core Sdi, Incorporated System and Method for Providing Application Penetration Testing
US20080268810A1 (en) * 2002-11-15 2008-10-30 Omron Corporation Control device, communication terminal device, server device, service providing system, parameter modification method, service providing method, and control method of server device
US20080276295A1 (en) * 2007-05-04 2008-11-06 Bini Krishnan Ananthakrishnan Nair Network security scanner for enterprise protection
US20080282338A1 (en) * 2007-05-09 2008-11-13 Beer Kevin J System and method for preventing the reception and transmission of malicious or objectionable content transmitted through a network
US20080282347A1 (en) * 2007-05-10 2008-11-13 Microsoft Corporation Real-time network malware protection
US20090100522A1 (en) * 2007-10-16 2009-04-16 Min Sik Kim Web firewall and method for automatically checking web server for vulnerabilities
US20090100518A1 (en) * 2007-09-21 2009-04-16 Kevin Overcash System and method for detecting security defects in applications
US20090126005A1 (en) * 2007-11-08 2009-05-14 Min Sik Kim Method, apparatus and system for managing malicious-code spreading sites using firewall
US20090150999A1 (en) * 2007-12-05 2009-06-11 International Business Machines Corporation System, method and program product for detecting computer attacks
US20090158430A1 (en) * 2005-10-21 2009-06-18 Borders Kevin R Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US20090178132A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Enterprise Security Assessment Sharing For Consumers Using Globally Distributed Infrastructure
US20090234957A1 (en) * 2007-06-29 2009-09-17 International Business Machines Corporation Managing database connections
US20090241167A1 (en) * 2008-03-21 2009-09-24 Howard Moore Method and system for network identification via dns
US7603711B2 (en) * 2002-10-31 2009-10-13 Secnap Networks Security, LLC Intrusion detection system
US7639714B2 (en) * 2003-11-12 2009-12-29 The Trustees Of Columbia University In The City Of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US20100024033A1 (en) * 2008-07-23 2010-01-28 Kang Jung Min Apparatus and method for detecting obfuscated malicious web page
US20100186088A1 (en) * 2009-01-17 2010-07-22 Jaal, Llc Automated identification of phishing, phony and malicious web sites
US20100218256A1 (en) * 2009-02-26 2010-08-26 Network Security Systems plus, Inc. System and method of integrating and managing information system assessments
US7797738B1 (en) * 2005-12-14 2010-09-14 At&T Corp. System and method for avoiding and mitigating a DDoS attack
US20120005756A1 (en) * 2001-07-24 2012-01-05 Ralph Samuel Hoefelmeyer Network security architecture
US8347392B2 (en) * 2005-08-25 2013-01-01 Hewlett-Packard Development Company, L.P. Apparatus and method for analyzing and supplementing a program to provide security
US8488488B1 (en) * 2007-02-22 2013-07-16 Cisco Technology, Inc. Mitigating threats in a network
US8862730B1 (en) * 2006-03-28 2014-10-14 Symantec Corporation Enabling NAC reassessment based on fingerprint change

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6205552B1 (en) * 1998-12-31 2001-03-20 Mci Worldcom, Inc. Method and apparatus for checking security vulnerability of networked devices
CN1421771A (zh) * 2001-11-27 2003-06-04 四川安盟科技有限责任公司 一种有效防御未知攻击手法的网络入侵安全防御系统
JP2006107387A (ja) * 2004-10-08 2006-04-20 Sanwa Comtec Kk オンラインサービスのリアルタイムセキュリティ証明のための方法および装置
CN100463461C (zh) * 2005-05-10 2009-02-18 西安交通大学 主动式网络安全漏洞检测器
CN100550738C (zh) * 2007-02-06 2009-10-14 上海交通大学 一种分布式网络的认证方法和系统
CN101123506B (zh) * 2007-09-24 2011-07-20 北京飞天诚信科技有限公司 敏感信息监控及自动恢复的系统和方法
CN101383735A (zh) * 2008-10-15 2009-03-11 阿里巴巴集团控股有限公司 一种服务器的检查方法、设备和系统

Patent Citations (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
US6378129B1 (en) * 1998-03-30 2002-04-23 International Business Machines Corporation Video server content synchronization
US6574737B1 (en) * 1998-12-23 2003-06-03 Symantec Corporation System for penetrating computer or computer network
US6301668B1 (en) * 1998-12-29 2001-10-09 Cisco Technology, Inc. Method and system for adaptive network security using network vulnerability assessment
US20020010855A1 (en) * 2000-03-03 2002-01-24 Eran Reshef System for determining web application vulnerabilities
US20010034847A1 (en) * 2000-03-27 2001-10-25 Gaul,Jr. Stephen E. Internet/network security method and system for checking security of a client from a remote facility
US7313823B2 (en) * 2000-09-29 2007-12-25 Zhenyu Gao Anti-alternation system for web-content
US20040064550A1 (en) * 2000-12-28 2004-04-01 Tsuyoshi Sakata Data processing system
US20030056116A1 (en) * 2001-05-18 2003-03-20 Bunker Nelson Waldo Reporter
US20120005756A1 (en) * 2001-07-24 2012-01-05 Ralph Samuel Hoefelmeyer Network security architecture
US20030217039A1 (en) * 2002-01-15 2003-11-20 Kurtz George R. System and method for network vulnerability detection and reporting
US20040019853A1 (en) * 2002-01-18 2004-01-29 Hiroshi Takizawa Document authoring system and authoring management program
US20030149935A1 (en) * 2002-01-18 2003-08-07 Hiroshi Takizawa Document authoring system and authoring management program
US20030212779A1 (en) * 2002-04-30 2003-11-13 Boyter Brian A. System and Method for Network Security Scanning
US7322044B2 (en) * 2002-06-03 2008-01-22 Airdefense, Inc. Systems and methods for automated network policy exception detection and correction
US7603711B2 (en) * 2002-10-31 2009-10-13 Secnap Networks Security, LLC Intrusion detection system
US20080268810A1 (en) * 2002-11-15 2008-10-30 Omron Corporation Control device, communication terminal device, server device, service providing system, parameter modification method, service providing method, and control method of server device
US20050008001A1 (en) * 2003-02-14 2005-01-13 John Leslie Williams System and method for interfacing with heterogeneous network data gathering tools
US20040216009A1 (en) * 2003-03-24 2004-10-28 Shimadzu Corporation Automatic analysis apparatus and method for controlling an analysis unit
US20040193918A1 (en) * 2003-03-28 2004-09-30 Kenneth Green Apparatus and method for network vulnerability detection and compliance assessment
US20050005169A1 (en) * 2003-04-11 2005-01-06 Samir Gurunath Kelekar System for real-time network-based vulnerability assessment of a host/device via real-time tracking, vulnerability assessment of services and a method thereof
US20040225877A1 (en) * 2003-05-09 2004-11-11 Zezhen Huang Method and system for protecting computer system from malicious software operation
US20040230830A1 (en) * 2003-05-16 2004-11-18 Canon Kabushiki Kaisha Receiver, connection controller, transmitter, method, and program
US20040228357A1 (en) * 2003-05-16 2004-11-18 Canon Kabushiki Kaisha Receiver, connection controller, transmitter, method, and program
US7639714B2 (en) * 2003-11-12 2009-12-29 The Trustees Of Columbia University In The City Of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US20060075464A1 (en) * 2004-10-01 2006-04-06 Microsoft Corporation Access authorization API
US20060080656A1 (en) * 2004-10-12 2006-04-13 Microsoft Corporation Methods and instructions for patch management
US20060101520A1 (en) * 2004-11-05 2006-05-11 Schumaker Troy T Method to manage network security over a distributed network
US20060253906A1 (en) * 2004-12-06 2006-11-09 Rubin Shai A Systems and methods for testing and evaluating an intrusion detection system
US20060195588A1 (en) * 2005-01-25 2006-08-31 Whitehat Security, Inc. System for detecting vulnerabilities in web applications using client-side application interfaces
US20060191010A1 (en) * 2005-02-18 2006-08-24 Pace University System for intrusion detection and vulnerability assessment in a computer network using simulation and machine learning
US8347392B2 (en) * 2005-08-25 2013-01-01 Hewlett-Packard Development Company, L.P. Apparatus and method for analyzing and supplementing a program to provide security
US20090158430A1 (en) * 2005-10-21 2009-06-18 Borders Kevin R Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US20070118908A1 (en) * 2005-11-22 2007-05-24 Brown Tristan A Snoop echo response extractor
US20070124801A1 (en) * 2005-11-28 2007-05-31 Threatmetrix Pty Ltd Method and System for Tracking Machines on a Network Using Fuzzy Guid Technology
US7797738B1 (en) * 2005-12-14 2010-09-14 At&T Corp. System and method for avoiding and mitigating a DDoS attack
US8862730B1 (en) * 2006-03-28 2014-10-14 Symantec Corporation Enabling NAC reassessment based on fingerprint change
KR20070104113A (ko) * 2006-04-21 2007-10-25 엘지이노텍 주식회사 냉각팬 모듈
US20080010683A1 (en) * 2006-07-10 2008-01-10 Baddour Victor L System and method for analyzing web content
US20080133540A1 (en) * 2006-12-01 2008-06-05 Websense, Inc. System and method of analyzing web addresses
US8488488B1 (en) * 2007-02-22 2013-07-16 Cisco Technology, Inc. Mitigating threats in a network
US20080263671A1 (en) * 2007-03-06 2008-10-23 Core Sdi, Incorporated System and Method for Providing Application Penetration Testing
US20080276295A1 (en) * 2007-05-04 2008-11-06 Bini Krishnan Ananthakrishnan Nair Network security scanner for enterprise protection
US20080282338A1 (en) * 2007-05-09 2008-11-13 Beer Kevin J System and method for preventing the reception and transmission of malicious or objectionable content transmitted through a network
US20080282347A1 (en) * 2007-05-10 2008-11-13 Microsoft Corporation Real-time network malware protection
US20090234957A1 (en) * 2007-06-29 2009-09-17 International Business Machines Corporation Managing database connections
US20090100518A1 (en) * 2007-09-21 2009-04-16 Kevin Overcash System and method for detecting security defects in applications
US20090100522A1 (en) * 2007-10-16 2009-04-16 Min Sik Kim Web firewall and method for automatically checking web server for vulnerabilities
US20090126005A1 (en) * 2007-11-08 2009-05-14 Min Sik Kim Method, apparatus and system for managing malicious-code spreading sites using firewall
US20090150999A1 (en) * 2007-12-05 2009-06-11 International Business Machines Corporation System, method and program product for detecting computer attacks
US20090178132A1 (en) * 2008-01-08 2009-07-09 Microsoft Corporation Enterprise Security Assessment Sharing For Consumers Using Globally Distributed Infrastructure
US20090241167A1 (en) * 2008-03-21 2009-09-24 Howard Moore Method and system for network identification via dns
US20100024033A1 (en) * 2008-07-23 2010-01-28 Kang Jung Min Apparatus and method for detecting obfuscated malicious web page
US20100186088A1 (en) * 2009-01-17 2010-07-22 Jaal, Llc Automated identification of phishing, phony and malicious web sites
US20100218256A1 (en) * 2009-02-26 2010-08-26 Network Security Systems plus, Inc. System and method of integrating and managing information system assessments

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9268945B2 (en) 2010-03-19 2016-02-23 Contrast Security, Llc Detection of vulnerabilities in computer systems
US8458798B2 (en) 2010-03-19 2013-06-04 Aspect Security Inc. Detection of vulnerabilities in computer systems
US8844043B2 (en) * 2010-03-19 2014-09-23 Contrast Security, Llc Detection of vulnerabilities in computer systems
US20110231936A1 (en) * 2010-03-19 2011-09-22 Aspect Security Inc. Detection of vulnerabilities in computer systems
US8898289B1 (en) * 2011-03-22 2014-11-25 Netapp, Inc. Distributed event processing method and architecture
US9135441B2 (en) 2013-05-17 2015-09-15 International Business Machines Corporation Progressive static security analysis
US9177143B2 (en) 2013-05-17 2015-11-03 International Business Machines Corporation Progressive static security analysis
US9769191B2 (en) 2013-07-03 2017-09-19 International Business Machines Corporation Measuring robustness of web services to denial of service attacks
GB2515778A (en) * 2013-07-03 2015-01-07 Ibm Measuring robustness of web services to denial of service attacks
US10567396B2 (en) * 2015-12-15 2020-02-18 Webroot Inc. Real-time scanning of IP addresses
US11153329B2 (en) 2015-12-15 2021-10-19 Webroot Inc. Real-time scanning of IP addresses
US10528725B2 (en) 2016-11-04 2020-01-07 Microsoft Technology Licensing, Llc IoT security service
US10972456B2 (en) 2016-11-04 2021-04-06 Microsoft Technology Licensing, Llc IoT device authentication
CN110971599A (zh) * 2019-11-29 2020-04-07 杭州迪普科技股份有限公司 漏洞扫描方法和装置
US20210234878A1 (en) * 2020-01-26 2021-07-29 Check Point Software Technologies Ltd. Method and system to determine device vulnerabilities by scanner analysis
US11290480B2 (en) 2020-05-26 2022-03-29 Bank Of America Corporation Network vulnerability assessment tool
CN112165498A (zh) * 2020-11-12 2021-01-01 北京华云安信息技术有限公司 一种渗透测试的智能决策方法
CN112968887A (zh) * 2021-02-02 2021-06-15 中国农业银行股份有限公司 数据处理方法、数据处理装置及相关设备

Also Published As

Publication number Publication date
KR20090121579A (ko) 2009-11-26
SG176513A1 (en) 2011-12-29
CN105306445A (zh) 2016-02-03
CN105306445B (zh) 2018-11-02
JP2009282983A (ja) 2009-12-03
CN101588247B (zh) 2015-10-21
CN101588247A (zh) 2009-11-25
SG157330A1 (en) 2009-12-29

Similar Documents

Publication Publication Date Title
US20100235917A1 (en) System and method for detecting server vulnerability
US10395040B2 (en) System and method for identifying network security threats and assessing network security
US8756697B2 (en) Systems and methods for determining vulnerability to session stealing
US8302198B2 (en) System and method for enabling remote registry service security audits
US20190182286A1 (en) Identifying communicating network nodes in the presence of Network Address Translation
JP2020521383A (ja) 相関関係駆動型脅威の評価と修復
CN104468632A (zh) 防御漏洞攻击的方法、设备及系统
US20130227687A1 (en) Mobile terminal to detect network attack and method thereof
US10033761B2 (en) System and method for monitoring falsification of content after detection of unauthorized access
KR20000054538A (ko) 네트워크 침입탐지 시스템 및 방법 그리고 그 방법을기록한 컴퓨터로 읽을 수 있는 기록매체
CN101714931A (zh) 一种未知恶意代码的预警方法、设备和系统
JP2010508598A (ja) ストリング分析を利用する1つまたは複数のパケット・ネットワークでの望まれないトラフィックを検出する方法および装置
CN110768951B (zh) 验证系统漏洞的方法及装置、存储介质、电子装置
CN110677381A (zh) 渗透测试的方法及装置、存储介质、电子装置
CN111783096A (zh) 检测安全漏洞的方法和装置
CN110880983A (zh) 基于场景的渗透测试方法及装置、存储介质、电子装置
CN112738095A (zh) 一种检测非法外联的方法、装置、系统、存储介质及设备
KR101768079B1 (ko) 침입탐지 오탐 개선을 위한 시스템 및 방법
KR101487476B1 (ko) 악성도메인을 검출하기 위한 방법 및 장치
US7971257B2 (en) Obtaining network origins of potential software threats
CN110768949B (zh) 探测漏洞的方法及装置、存储介质、电子装置
CN110768950A (zh) 渗透指令的发送方法及装置、存储介质、电子装置
KR101874815B1 (ko) Dns 주소의 변조 진단 방법 및 이를 위한 단말 장치
CN110995738B (zh) 暴力破解行为识别方法、装置、电子设备及可读存储介质
KR101518233B1 (ko) 기업 내부 전산환경의 위협탐지를 위한 보안 장치

Legal Events

Date Code Title Description
AS Assignment

Owner name: GMARKET INC., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KU, YOUNG BAE;PARK, EUI WON;KO, CHANG SUP;AND OTHERS;SIGNING DATES FROM 20090522 TO 20090525;REEL/FRAME:022831/0759

AS Assignment

Owner name: EBAY KOREA CO., LTD., KOREA, REPUBLIC OF

Free format text: CHANGE OF NAME;ASSIGNOR:GMARKET INC.;REEL/FRAME:031409/0916

Effective date: 20110831

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION